Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
Some major keys to open discussion is that people avoid ad hominem
attacks -- for example, they do not call people liars -- and they
avoid hyperbole. For example:
To quote:
http://www1.ietf.org/mail-archive/web/asrg/current/msg10826.html
you want to change the nature of the infrastructure. you want to
redefine established terminology.
http://www1.ietf.org/mail-archive/web/asrg/current/msg10855.html
In professional fora, it is entirely inappropriate to make assertions
about other people's desires, capabilities, and the like.
Both of the above quotes are from the same person. I have little
reason to defend myself from accusations made by someone who is guilty
of exactly the same behavior he is accusing others of.
That kind of double standard in this area has been a considerable
source of frustration to many people I've talked with off-line. Most
of them, however, are unwilling to publicly rock the boat by saying
things like "SMTP is imperfect", for fear of getting attacked.
The failure of SMTP to protect from forgery, malicious bounces,
etc. is a failure of the security model of SMTP.
The security model of SMTP is the same as the security model for
sending paper letters and for making phone calls.
For one, you haven't explain why. Statements of belief aren't
statements of fact. At the minimum, SMTP is electronic while paper
mail is not, so from that information alone, the security models MUST
be different.
For two, phone calls don't have "malicious bounces", so I'm confused
why the security models for SMTP and telephones would be the same.
For three, my statement was talking about failures of a model, not
about comparisons with other models. Claiming that SMTP has the same
security model as something else is nice, but not really relevant to
the issue thar the security model of SMTP has had demonstratable
failures.
To "fail" requires that there be a goal that was not attained.
That's not the case here. The case here is that real threats changed
after 25 years of operation and we need to adjust to them.
i.e. the goal of SMTP has expanded: to protect from new threats,
which were previously minimal, or unknown.
SMTP as it was designed 10 years ago has failed to reach these new
goals. This isn't surprising. As you point out, it was never
intended to reach those goals. That doesn't change the fact that the
security model of SMTP has failed, and continues to fail, to protect
from attacks which it was never intended to deal with.
This shouldn't be news. It shouldn't be a sore point, either.
The important thing now is to decide WHY the model failed, and HOW
it failed. Without that information, it will be impossible to fix it.
The key to open discussion is that people say things thoughtfully
and with an attempt to be accurate and precise.
That's half the battle. The other half is that people hearing those
statements listen to them, and respond thoughtfully to their content.
Alan DeKok.